OARC 32 (San Francisco, CA, USA)

Name: OARC 32 (San Francisco, CA, USA)
Start: 2020-02-08T08:00:00-08:00
End: 2020-02-09T18:00:00-08:00
Location: Hyatt Regency San Francisco

8–9 Feb 2020

Hyatt Regency San Francisco

America/Los_Angeles timezone

OARC 32 Admin

Improving DNSSEC Provisioning with 3rd Party DNS Providers

8 Feb 2020, 16:50

Bayview Room (Hyatt Regency San Francisco)

Bayview Room

Hyatt Regency San Francisco

5 Embarcadero Center San Francisco CA 94111 United States

Lightning Talk Lightning Talks Lightning Talks

Shumon Huque (Salesforce)

A group of DNS engineers have formed a design team to look at improving DNSSEC Provisioning with 3rd party DNS providers. Two issues are being looked at:

DNSSEC requires the registry to have a DS record associated with the zone. When 3rd party DNS providers generate the key(s) and sign the zone, there is no well defined path for providing the DS record to the registry. (Some ccTLDs are implementing RFC 8078.)
If multiple 3rd party DNS providers are serving the same zone, each is signing with its own key, they each need to include the ZSKs (or CSKs) of the other providers. “Multi-Signer DNSSEC Models” defines the general scheme, but there is no well defined protocol for coordination of the cross-signing process between the providers.

We'll briefly discuss the planned work and tell you how to get involved.

Talk Duration	Lightning Talk 5 Minutes

Shumon Huque (Salesforce) Steve Crocker (Shinkuro)

dnssec-prov.pdf

OARC 32 (San Francisco, CA, USA)

OARC 32 Admin

Improving DNSSEC Provisioning with 3rd Party DNS Providers

Bayview Room

Hyatt Regency San Francisco

Speaker

Description

Primary authors

Presentation materials

Choose timezone

OARC 32 (San Francisco, CA, USA)

OARC 32 Admin

Speaker

Description

Primary authors

Presentation materials